Russian Business Network (RBN): what if they were out to own the Internet by owning the DNS? The Internet relies entirely on DNS (the Domain Name System), so this sounds like the stuff Hollywood movies are made of, but this nightmare scenario is more real than any of us would like to believe.

This article draws a few of the ingredients together. It is important to stress that this is not an attempt to discredit ICANN, but to show how RBN and their associates are applying themselves to the weakness of DNS allocation and exploiting ICANN’s vulnerability via influence, commercial sponsorship and registrar development.

Firstly, RBN’s usual chaos creation, as documented in the important and recent security research paper “Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority” by David Dagon, Niels Provos, et al.: “291,528 hosts on the Internet performing either incorrect or malicious DNS service. With DNS resolution behavior so trivially changed, numerous malware instances in the wild, we urge the security community to consider the corruption of the (DNS) resolution path as an important problem.” [ref 1]
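A corrupted resolution path shows up in two places a defender can check: the resolver addresses a host is configured to use, and whether those resolvers return the same answers as a sanctioned resolver for the same names. The script below is an added example written for this post, not code from the Dagon/Provos paper or from this blog. It audits a constructed resolv.conf against an assumed list of trusted resolvers (documentation addresses in 203.0.113.0/24) and compares constructed A-record answers from each configured resolver against the trusted one, flagging any name on which a resolver disagrees.

```python
"""Detect two symptoms of a corrupted DNS resolution path:
1. a host configured to use a resolver outside the sanctioned set, and
2. a configured resolver that answers differently from the sanctioned one.

Added example; all addresses, names and answers below are constructed
(RFC 5737 documentation ranges) and not taken from the blog post."""
import ipaddress
from typing import Dict, List, Set

# Assumption: the organisation's sanctioned resolvers (constructed).
TRUSTED_RESOLVERS = {"203.0.113.53", "203.0.113.54"}

# Constructed /etc/resolv.conf as it might look after malware has
# appended its own resolver behind the legitimate one.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 203.0.113.53
nameserver 198.51.100.77   ; not one of ours
options timeout:2
"""

# Constructed answers: resolver address -> {name -> set of A records}.
# The rogue resolver returns its own address for the bank site only,
# and answers everything else honestly so the change is hard to notice.
SAMPLE_ANSWERS: Dict[str, Dict[str, Set[str]]] = {
    "203.0.113.53": {
        "bank.example": {"192.0.2.10"},
        "update.example": {"192.0.2.20", "192.0.2.21"},
        "news.example": {"192.0.2.30"},
    },
    "198.51.100.77": {
        "bank.example": {"198.51.100.200"},
        "update.example": {"192.0.2.21", "192.0.2.20"},
        "news.example": {"192.0.2.30"},
    },
}


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf text, in order.
    Comments start with '#' or ';'; malformed addresses are ignored."""
    servers: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # not an IP address; skip rather than guess
    return servers


def unexpected_resolvers(servers: List[str], trusted: Set[str]) -> List[str]:
    """Configured resolvers that are not in the sanctioned set."""
    return [s for s in servers if s not in trusted]


def divergent_answers(answers: Dict[str, Dict[str, Set[str]]],
                      reference: str) -> Dict[str, Dict[str, Set[str]]]:
    """Names for which some resolver disagrees with the reference resolver.
    Result: name -> {resolver -> the differing set of records}.
    Record order is irrelevant because sets are compared."""
    ref = answers[reference]
    out: Dict[str, Dict[str, Set[str]]] = {}
    for resolver, records in answers.items():
        if resolver == reference:
            continue
        for name, ips in records.items():
            if ips != ref.get(name, set()):
                out.setdefault(name, {})[resolver] = ips
    return out


def audit(resolv_conf: str, answers: Dict[str, Dict[str, Set[str]]],
          trusted: Set[str], reference: str) -> dict:
    """Combine both checks into one report a monitoring job could emit."""
    servers = parse_resolv_conf(resolv_conf)
    return {
        "configured": servers,
        "unexpected": unexpected_resolvers(servers, trusted),
        "divergent": divergent_answers(answers, reference),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RESOLV_CONF, SAMPLE_ANSWERS,
                   TRUSTED_RESOLVERS, "203.0.113.53")
    for s in report["unexpected"]:
        print(f"ALERT: host uses non-sanctioned resolver {s}")
    for name, by_resolver in report["divergent"].items():
        for resolver, ips in by_resolver.items():
            print(f"ALERT: {resolver} answers {name} -> {sorted(ips)} "
                  f"(reference says {sorted(SAMPLE_ANSWERS['203.0.113.53'][name])})")
```

In a real deployment the answer sets would be gathered by querying each configured resolver for a short list of high-value names (banking, update and login hosts) and the reference resolver would be one the organisation controls; the comparison logic is the same. Honest answers on most names with a single swapped record is exactly the pattern a host-level check like this catches and a blocklist of domains does not.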

Connect this to the newer RBN technique of ‘auto-generating’ thousands of new malware and rogue domain registrations via duped or controlled registrars, e.g. Tucows (Ca) and EstDomains, shielded by PrivacyProtect. This volume now outruns most security bloggers, security companies, blacklists and rogue domain listings. [ref 2]

So, who runs DNS and has the responsibility for keeping it safe? ICANN (Internet Corporation for Assigned Names and Numbers), mostly self-elected and privately operated; as ICANNwatch.org describes it, ICANN is “avoiding governmental accountability mechanisms, but ICANN also lacks much of the accountability normally found in corporations and in nonprofits.” [ref 3]

Directi, LogicBoxes and Skenzo control, manage and own ‘PrivacyProtect’, a domain privacy service which shields cybercrime, and does so by design. It currently shields 759,172 domains. [fig 2]

From LogicBoxes’ online corporate profile: “LogicBoxes currently powers the infrastructure and software of over 50 ICANN Accredited Domain Registrars including EST Domains” [ref 5]. EstDomains is associated with Atrivo aka Intercage; it is estimated that EstDomains provides Atrivo with 40% to 60% of its revenue.

Directi, LogicBoxes and Skenzo are associated with Everyones Internet (US) and The Planet (US), which provide rack space etc. for opticaljungle / orderbox-dns. Coincidentally, both are within the top 10 hosts in the world by infected web sites, at 6,000. [ref 6]

Bhavin Turakhia, CEO and Chairman of The Directi Group: “Directi to continue growing at triple digit growth rates year after year, technical advisor to the local CyberCrime Investigation Cell, Bhavin was also former chairman for the Global ICANN Accredited Registrars Constituency for two consecutive terms. He has been the youngest elected chair for this post in the history of ICANN” [ref 7] [ref 8]

“But if someone broke — or worse, subverted — the fundamental way in which we find web sites, we wouldn’t trust URLs any more. Own the DNS and you own the Internet.” [ref 17]

The background research and this summary article have been around four months in the making within the community. It should be emphasized that there is considerably more ‘who’ and ‘what’, which will be presented in full later.

We feel even the most casual reader will be concerned, as this affects every user of the Internet. As a group we want to further stress that we are believers in an open and unrestricted Internet. However, if this trend continues, with a parallel DNS system being developed on an unofficial DNS architecture that will fake all records, it will be a real mess, resulting in a groundswell of Internet users who rightly request governmental action in some form to assume some form of control.

We hope that, as a minimum, many readers will contact ICANN [ref 18] to at least determine what they are going to do about EstDomains, PrivacyProtect and anonymous domain registrants, right now! This also begs the question of ICANN’s commercial approach, apparently supporting unfettered registrar development, and of whom it allows in sponsorship or election. If ICANN does not rapidly clean up its own act to encourage the view that the DNS is safe in its hands, realistically several Internets will evolve: “the Good, the Bad, and the Ugly”.

As for Directi and co., there will undoubtedly be arguments along the lines of: we are unaware, we are not responsible, we only manage, or it is a very small minority… From their logged and monitored actions we do not believe them. Even so, given their claimed expertise, if they really were unaware of the role of EstDomains or PrivacyProtect, and thus of RBN, should they be trusted within ICANN or in any form of association with it?

Special thanks, to name but a few: Jim McQuaid, Debbie Rosman, David Bizeul, EmergingThreats.net, malwaredomains.com, the open source security community, Robtex, CyberDefCon, et al.

Blog Note:

All trademarks and copyrights on this blog are owned by their respective owners. Unless otherwise stated, opinions expressed here are entirely those of rbnexploit.blogspot.com. All analyses are for personal edification, educational, and research purposes only. Any DNS, IP address, domain, or AS # mentioned is derived from exhaustive research and cross-correlation from 3rd parties. For any queries contact rbnexploit (at) gmail.com